Many known mobile devices support objects, such as those in Java to send, receive, or at least use data, voice, and/or multi-media (audio/video). These objects may be involved in sensitive information from cellular networks and with many different services. However, garbage collection operations presently performed on mobile devices have security deficiencies.
A non-limiting example of the deficiencies includes collection of unreachable objects. For example, FIG. 1 shows a typical state of a heap between garbage collections of unreferenced objects. A typical garbage collector waits until memory becomes low before collecting unreachable objects. Thus, an object may become unreachable well before it is collected. This creates an unpredictable window of opportunity for an attack, especially if the memory recovery itself is not secure.
For mobile devices employing content protection, once the user locks the mobile device, there is a period of time between when the lock command or trigger is initiated and the device actually becomes locked. This delay presents a window of opportunity for an attack while the device finishes encrypting its data. During this window of opportunity, it is possible that the device may be subject to unauthorized access and some of the unencrypted data read.